sudoers file entries do not survive reboot, backup strategy broken

[ilium007]

I thought I finally had cloud backup sorted, my plan was to use Duplicacy (https://duplicacy.com/) to perform deduped backups to B2.

I have a remote Linux host that connects via SSH and performs a ZFS snapshot, mounts it on the FreeNAS server, mounts the snapshot locally via SSHFS and performs the backup from the Linux host. Upon completion it unmounts on both sides and removes the ZFS snaphot (again via SSH calls).

All of this was being performed using sudo calls. I had edited the sudoers file (sudo visudo) on the FreeNAS 11.3-U1 server to add the NOPASSWD entries not even thinking about it not surviving a reboot.

Do I have any other options?

 

[fracai]

You could use a startup script that adds the NOPASSWD entries to the sudoers file.

Alternatively, Duplicacy has a FreeBSD binary that works just fine on FreeNAS. It even runs without dependencies so you can run it directly in FreeNAS without being in a jail. This is how I'm backing up my system.

I created a cron task in the FreeNAS web UI that executes a script that sets the B2 authentication variables and runs duplicacy. I haven't taken the steps to use a snapshot, but I'm sure you could put that together. That's actually something that I think Duplicacy should support on its own. That'll probably be my next project to take on.

Duplicacy and B2 has been a great combination. Even more so since I got Cloudflare support integrated and you can now get free data downloads from B2.

For anyone else reading this, I really can't recommend Duplicacy and B2 enough.

 

[ilium007]

I was using a remote machine so that I had everything available should I lose the FreeNAS box. The Duplicacy scripts and executable on FreeNAS would need to sit in a ZFS pool that may be unavailable in a DR event. The easiest (not greatest) solution I have at present is to run the commands as root on the FreeNAS box by allowing SSH as root.

 

[fracai]

Can you elaborate on what you mean by the scripts and executable being in a pool being a problem during data recovery? You could keep a copy of those scripts and credentials on another machine and restore from there. I currently have four machines, including FreeNAS, backing up to B2 via Duplicacy CLI and I monitor the status of all of those using the Duplicacy Web UI. That is currently running in a jail, but I could easily (probably should) install that somewhere else so I can easily restore if the FreeNAS drives fail.

If your backup solution was working fine over SSH, I'm unsure of why you couldn't run those same scripts via cron?

 

[ilium007]

Can you elaborate on what you mean by the scripts and executable being in a pool being a problem during data recovery? You could keep a copy of those scripts and credentials on another machine and restore from there. I currently have four machines, including FreeNAS, backing up to B2 via Duplicacy CLI and I monitor the status of all of those using the Duplicacy Web UI. That is currently running in a jail, but I could easily (probably should) install that somewhere else so I can easily restore if the FreeNAS drives fail.

If your backup solution was working fine over SSH, I'm unsure of why you couldn't run those same scripts via cron?

I have taken your advice, scripts hosted within a dataset on FreeNAS now. Scripts enumerate a dataset and all child datasets, perform ZFS snapshot, backup from the snapshot using Duplicacy locally from FreeNAS to B2, rename ZS snashot and retain for x days. All tested and working - thanks for your help.

 

[fracai]

If you have a domain you can use, I suggest hooking it up with Cloudflare to get free B2 downloads. Depending on your backup habits this can actually end up cutting costs by a decent amount.

 

[artlessknave]

I'm curious why you would edit the sudoers file instead of using the GUI to give the user sudo access?
config changes are intended to be done in the GUI, as manual changes are, as you found out, usually lost.

 

[darkmode]

If you have a domain you can use, I suggest hooking it up with Cloudflare to get free B2 downloads. Depending on your backup habits this can actually end up cutting costs by a decent amount.

I looked into Cloudflare + B2 but it seems to require that your S3 bucket be public instead of private.